[Bastille-linux-discuss] Iptables config on Bastille for dummies

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

 I have always met with difficulty implementing the firewall scripts in
Bastille.  My Linux box is a ssh (tcp port 22), mail (tcp port 25), dns (tcp
and udp port 53), pop3s (tcp port 995)server to outside world, also squid
proxy (tcp port 3128), x (tcp port 6000-6020?) and nessus (tcp port 1241)
internal.  Ntp (udp port 123) is also needed.  System currently has two NICs
NAT mapped to a Netscreen firewall.  The NAT addresses are 192.168.1.221
(eth0) and 192.168.1.222 (eth1) corresponding to 24.199.20.221
(ns2.mmicman.com) and 24.199.20.222(mail.mmicman.com) respectively.

I may have missed a few, but here is a list:

tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:9098            0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN

tcp        0      0 192.168.1.221:53        0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:10200         0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:1241            0.0.0.0:*               LISTEN

tcp        0      0 192.168.1.222:25        0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN

tcp        0     48 192.168.1.221:22        192.168.1.99:1497
ESTABLISHED 
tcp        0      0 192.168.1.221:22        192.168.1.101:1530
ESTABLISHED 
udp        0      0 0.0.0.0:32776           0.0.0.0:*

udp        0      0 0.0.0.0:10000           0.0.0.0:*

udp        0      0 0.0.0.0:916             0.0.0.0:*

udp        0      0 192.168.1.221:42672     0.0.0.0:*

udp        0      0 192.168.1.221:53        0.0.0.0:*

udp        0      0 127.0.0.1:53            0.0.0.0:*

udp        0      0 0.0.0.0:3130            0.0.0.0:*

udp        0      0 192.168.1.222:123       0.0.0.0:*

udp        0      0 192.168.1.221:123       0.0.0.0:*

udp        0      0 127.0.0.1:123           0.0.0.0:*

udp        0      0 0.0.0.0:123             0.0.0.0:*

raw        0      0 0.0.0.0:6               0.0.0.0:*               7

raw        0      0 0.0.0.0:17              0.0.0.0:*    

The Netscreen does a fine job of firewalling, but I would like to further
tighten up via iptables.  With two NICs, I always seem to screw it up.  I
anyone has some text I can just insert into the proper place or some url
pointers to some good setup scripts, it would be appreciated.

Regards,

Edward W. Ray

[Bastille-linux-discuss] Iptables config on Bastille for dummies

This tool locks down Linux and UNIX systems.

[Bastille-linux-discuss] Iptables config on Bastille for dummies